Credit cards and debit/prepaid cards have become ever popular payment instruments for online and in-store purchases due to their convenience. However it is well known that the plastic cards are targets for fraudsters who may obtain the card information illegally, often purchasing within BIN ranges (the BIN being the first 6 digits of the payment card and uniquely associated with the card issuer), and use the stolen card details for fraudulent purchases, resulting in financial loss to customers, merchants and card issuers. Common frauds committed with these cards may include application fraud, counterfeit, friendly fraud, skimming, internet/mail/phone order fraud and lost/stolen etc. With Europay, Mastercard and Visa (EMV) technical standards migration in the United States, the fraud types will evolve over time to higher concentrations of “card not present” (CNP) fraud, i.e. a transaction such as over a network where the card is not physically present at the point of sale. As such, enhancing the capability of detecting the changing fraud pattern, including potential compromised card issuer BINs, is useful in mitigating the monetary loss due to frauds and thus is highly valuable to the card issuers and merchants.
Numerous algorithms and techniques have been utilized in the card transaction field aimed at detecting fraudulent payment card transactions. In general data mining algorithms are applied on historical transaction datasets, and artificial intelligence models are developed from the transactional patterns of legitimate and fraudulent transactions of the payment cards. One of the most prominent models is Falcon®, by FICO Corporation of San Jose Calif., which utilizes transaction profiling and neural network classification models for the majority of card issuers worldwide to detect fraudulent payment card transactions. Other models may include logistic regression, decision trees, etc. These models are used to generate one or more scores related to a risk of fraud.
Fraud detection systems are generally configured to work on the riskiest scores by triggering alerts for investigation. Fraudsters steal or skim card information illegally and also attempt to sell those card details for profit. The card information stolen typically includes the primary account number (PAN), cardholder name, and CVV. The first 6 digits of the PAN on the card is a bank identification number (BIN), which uniquely identifies the institution issuing the card. The BIN is the key in the process of matching transactions to the issuer of the payment card. After breaches of payment card details, fraudsters put up the cards (BIN, cardholder name, CVV, and cardholder location) on the “dark web” (networks of web content that exists on the Internet, but require specific software, configurations or authorization to access) for sale in bulk. Other fraudsters will purchase these and attempt to utilize them for fraudulent transactions.
While it might be evident that bundles of cards are for sale, it is difficult to predict when the sales occur and even more difficult to determine when the cards are “in-play” by fraudsters, meaning that cards have been purchased and are now being actively used to try to commit fraud. There can often be significant lags from the compromise of card details to their use on fraudulent transaction attempts. Financial institutions are also challenged to know which cards are compromised, or when. Information obtained from the dark web usually does not provide enough timely data to re-issue compromised cards, and so the industry needs active detection of abnormalities at the BIN/Location level.
It is often observed that the cards on sale on the dark web are quite concentrated in a limited number of regions (e.g., the regions may be specified by the first 2 and 3 digits of a zip code) and related to a few issuers (e.g., card issuers may be specified by BINs). Once those stolen cards are bought from the dark web and end up being used (more likely used for fraudulent card-not-present (CNP) purchases), the transactions associated with those compromised cards from specific BINs and cardholder zip codes may see aggregated abnormality patterns.
Traditionally the features gleaned from payment transactions to develop fraud detection models focus on the spending patterns of each customer. Those features may include variables based on transaction amount, date/time, location, merchant categorical code (MCC), merchant ID, point-of-sale entry mode and so on. Spending patterns can thus be established based upon each customer's unique transaction behavior in those aspects. For example, the time, MCC and location of a transaction may be utilized to obtain the historical fraud risk at a time-of-day, MCC or geographic location. Such fraud risk assessment is an important data-driven machine learning technique used in developing fraud detection models.
In response to bulk card sales on the dark web as mentioned above, detection of cards purchased and in-play revolves around aggregate abnormality patterns associated with particular groups of cards at the BIN/ZIP level. What is needed are methods to include such information in risk assessment and detection to assist in the detection and measurement of payment card fraud risk. The improvements in fraud detection are highly desirable in order to facilitate reducing impacts to customers, merchants and card issuers due to these orchestrated fraudulent transactions. It is also important as it addresses fraud at mass-scale which lowers the value of these cards in the dark web.